[Ltb-users] Password was refused by the LDAP directory

Clément OUDOT clem.oudot at gmail.com
Fri Sep 19 12:34:33 CEST 2014


2014-09-19 12:06 GMT+02:00 Robert Ludvik <robert.ludvik at zd-lj.si>:

> Hi.
>

Hi,


> I use LDAP server 389-ds, version 1.2 (http://www.port389.org/) and Samba
> 3.
> I set up LTB and it works fine - I can change userPassword as well as
> Samba password.
>
> Our security requests are that users should not reuse last 5 passwords.
> This cannot be set up with LTB, AFAIK, but should be set in LDAP server.
>
>
Right, password history can be managed in LDAP server.



> If I enable password syntax checking in 389-ds Admin console like this:
> http://snag.gy/aqdCn.jpg
>
>

Well, this has nothing to do with password history, you configured here
syntax checking.



> the LTB continue to report "Password was refused by the LDAP directory"
> even if I enter new password within these requests. I found out it reports
> LDAP error 19:
> LDAP_CONSTRAINT_VIOLATION
> (Indicates that the attribute value specified in a modify, add, or modify
> DN operation violates constraints placed on the attribute. The constraint
> can be one of size or content (string only, no binary).)
>
>

As you said, the LDAP server refuses the password.



> But, I can change password via Windows Ctrl-Alt-Del -> Change password.
>


I think the password is changed on AD, not on 389 server.



>
> Can someone please help me with this /point to what could be wrong?
>
> My LTB conf settings:
> http://ur1.ca/i7omf
>
>

Sounds good.




Clément.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20140919/be789a2d/attachment.htm>


More information about the ltb-users mailing list